10 Jan
2008
10 Jan
'08
12:09 p.m.
On Thursday 10 January 2008, Andon Tschauschev wrote:
I extract some memory through /dev/mem: 'dd if=/dev/mem of=./dump_1.dat bs=1 count=708K'
Then I can look at the extracted memory using hexdump: 'hexdump -vC dump_1.dat | less'
But reading machine code is not very comfortable...
With the mentioned disassembler I would be able to do: 'streamdisass -i dump_1.dat -o dump_1.asm' and then enjoy the asm-representation of the dump?
What's wrong with objdump -D -b binary -m i386:x86-64 ? (Assuming you have an AMD64 machine)
Torsten